Written by: Halka Jaklová
Photo by: René Jakl
Do you know what is considered personal information that is protected by law, and how your information can be processed and stored?
Personal information is any information relating to an individual that can be directly or indirectly identified, particularly on the basis of a number, a code, or one of more elements specific to the individual’s physical, physiological, psychological, economic, cultural, or social identity. The protection of personal information and the rights and obligations associated with the processing of this information is generally governed by Law No. 101/2000 Coll.
Essentially, the law relates to personal information that is processed by state authorities, local administrative bodies, or bodies of public authority, as well as individuals and legal entities. These entities can also delegate the processing of such information, which can involve the collection, recording on media, making accessible, modification or alteration, searching for, using, passing on, publishing, archiving, exchange, classification, or combination, blocking, and deletion of information.
This information can be processed only under the conditions set forth in the law. Records of individuals containing personal information can be maintained only with the consent of the person to whom the information relates, and §5 of the law stipulates exceptions for which consent is not necessary, for example the provision of information on a public servant, a functionary, or a public administration employee. Additionally, an administrator or processor of personal information is obligated to state the purpose for which the personal information is to be processed. There is also an important rule on the prohibition of the collection of information that is superfluous with respect to the stipulated purpose of its processing. After the period for processing has elapsed, personal information can be stored only for the needs of the state statistical service, science, and archiving.
An administrator or a processor is obligated to ensure the protection of personal information by implementing all possible technical and organizational measures. All persons who come into contact with personal information are also obligated to maintain confidentiality and adhere to security measures relating thereto. The obligation of confidentiality persists even after the handling of the information is completed. Everyone who intends to process personal information must notify the Office for the Protection of Personal Information.